ā05-01-2020 01:22 AM - edited ā07-05-2021 12:00 PM
HI Team
When users are connecting to the corp-SSID they are getting the ip from the WLC management sub net . In the flex connect i have set the Vlan and tested too but still no luck .
WLC issue, Other Wireless-Mobility Subjects
Below is AP details
cisco AIR-AP1832I-E-K9 ARMv7 Processor rev 0 (v7l) with 967420/705872K bytes of memory.
Processor board ID KWC203705ZI
AP Running Image : 8.3.143.0
Primary Boot Image : 8.3.143.0
Backup Boot Image : 8.2.111.0
2 Gigabit Ethernet interfaces
2 802.11 Radios
Radio FW version : c5d79906494f60ee03674c0779e5c30b
NSS FW version : NSS.AK.1.0.c10-00017-E_custC-1.67978.1
Base ethernet MAC Address : D4:2C:44:E0:0F:F8
Part Number : 0-0000-00
PCA Assembly Number : 074-104313-02
PCA Revision Number : 01
PCB Serial Number : KWC203705ZI
Top Assembly Part Number : 000-00000-00
Top Assembly Serial Number : KWC203705ZI
Top Revision Number : A0
Product/Model Number : AIR-AP1832I-E-K9
Controller details
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 8.3.143.0
RTOS Version..................................... 8.3.143.0
Bootloader Version............................... 8.3.15.96
Emergency Image Version.......................... 8.3.143.0
OUI File Update Time............................. Sun Sep 07 10:44:07 IST 2014
Build Type....................................... DATA + WPS
System Name...................................... HQ-WLC
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.9.1.1631
IP Address....................................... 142.100.64.11
IPv6 Address..................................... ::
System Up Time................................... 0 days 2 hrs 8 mins 42 secs
System Timezone Location......................... (GMT +4:00) Muscat, Abu Dhabi
System Stats Realtime Interval................... 5
System Stats Normal Interval..................... 180
SSID details
WLAN Identifier.................................. 1
Profile Name..................................... Corp-SSID
Network Name (SSID).............................. Corp-SSID
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
Client Profiling Status
Radius Profiling ............................ Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Local Profiling ............................. Disabled
DHCP ....................................... Disabled
HTTP ....................................... Disabled
Radius-NAC State............................... Disabled
SNMP-NAC State................................. Disabled
Quarantine VLAN................................ 0
Maximum Clients Allowed.......................... Unlimited
Maximum number of Clients per AP Radio........... 200
ATF Policy....................................... 0
Number of Active Clients......................... 1
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 86400 seconds
User Idle Timeout................................ Disabled
Sleep Client..................................... disable
Sleep Client Timeout............................. 720 minutes
User Idle Threshold.............................. 0 Bytes
NAS-identifier................................... none
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ vlan 10
Multicast Interface.............................. Not Configured
WLAN IPv4 ACL.................................... unconfigured
WLAN IPv6 ACL.................................... unconfigured
WLAN Layer2 ACL.................................. unconfigured
mDNS Status...................................... Disabled
mDNS Profile Name................................ unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled
Static IP client tunneling....................... Disabled
Tunnel Profile................................... Unconfigured
Quality of Service............................... Silver
Per-SSID Rate Limits............................. Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Per-Client Rate Limits........................... Upstream Downstream
Average Data Rate................................ 0 0
Average Realtime Data Rate....................... 0 0
Burst Data Rate.................................. 0 0
Burst Realtime Data Rate......................... 0 0
Scan Defer Priority.............................. 4,5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
WMM UAPSD Compliant Client Support............... Disabled
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... 802.1P (Tag=0)
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
Authentication................................ Global Servers
Accounting.................................... Global Servers
Interim Update............................. Enabled
Interim Update Interval.................... 0
Framed IPv6 Acct AVP ...................... Prefix
Dynamic Interface............................. Disabled
Dynamic Interface Priority.................... wlan
Local EAP Authentication......................... Disabled
Radius NAI-Realm................................. Disabled
Mu-Mimo.......................................... Enabled
Security
802.11 Authentication:........................ Open System
FT Support.................................... Adaptive
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Disabled
AES Cipher.............................. Enabled
CCMP256 Cipher.......................... Disabled
GCMP128 Cipher.......................... Disabled
GCMP256 Cipher.......................... Disabled
OSEN IE.................................... Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
FT-1X(802.11r).......................... Disabled
FT-PSK(802.11r)......................... Disabled
PMF-1X(802.11w)......................... Disabled
PMF-PSK(802.11w)........................ Disabled
OSEN-1X................................. Disabled
SUITEB-1X............................... Disabled
SUITEB192-1X............................ Disabled
FT Reassociation Timeout................... 20
FT Over-The-DS mode........................ Enabled
GTK Randomization.......................... Disabled
SKC Cache Support.......................... Disabled
CCKM TSF Tolerance......................... 1000
Wi-Fi Direct policy configured................ Disabled
EAP-Passthrough............................... Disabled
--More-- or (q)uit
CKIP ......................................... Disabled
Web Based Authentication...................... Disabled
Web Authentication Timeout.................... 300
Web-Passthrough............................... Disabled
Mac-auth-server............................... 0.0.0.0
Web-portal-server............................. 0.0.0.0
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
Auto Anchor................................... Disabled
FlexConnect Local Switching................... Enabled
FlexConnect Central Association............... Disabled
flexconnect Central Dhcp Flag................. Disabled
flexconnect nat-pat Flag...................... Disabled
flexconnect Dns Override Flag................. Disabled
flexconnect PPPoE pass-through................ Disabled
flexconnect local-switching IP-source-guar.... Disabled
FlexConnect Vlan based Central Switching ..... Disabled
FlexConnect Local Authentication.............. Disabled
FlexConnect Learn IP Address.................. Enabled
Client MFP.................................... Optional
PMF........................................... Disabled
PMF Association Comeback Time................. 1
PMF SA Query RetryTimeout..................... 200
--More-- or (q)uit
Tkip MIC Countermeasure Hold-down Timer....... 60
Eap-params.................................... Disabled
Flex Avc Profile Name............................ None
Flow Monitor Name................................ None
Split Tunnel Configuration
Split Tunnel................................. Disabled
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
SIP CAC Fail Send-486-Busy Policy................ Enabled
SIP CAC Fail Send Dis-Association Policy......... Disabled
KTS based CAC Policy............................. Disabled
Assisted Roaming Prediction Optimization......... Disabled
802.11k Neighbor List............................ Enabled
802.11k Neighbor List Dual Band.................. Disabled
802.11v Directed Multicast Service............... Enabled
802.11v BSS Max Idle Service..................... Enabled
802.11v BSS Transition Service................... Enabled
802.11v BSS Transition Disassoc Imminent......... Disabled
802.11v BSS Transition Disassoc Timer............ 200
802.11v BSS Transition OpRoam Disassoc Timer..... 40
DMS DB is empty
Band Select...................................... Disabled
Load Balancing................................... Disabled
--More-- or (q)uit
Multicast Buffer................................. Disabled
Universal Ap Admin............................... Disabled
Broadcast Tagging................................ Disabled
Mobility Anchor List
WLAN ID IP Address Status Priority
------- --------------- ------ --------
802.11u........................................ Disabled
MSAP Services.................................. Disabled
Local Policy
----------------
Priority Policy Name
-------- ---------------
QoS Fastlane Status.............................. Disable
Selective Reanchoring Status..................... Disable
Switch Config
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Disabled
Server connected ( WLC) ESXI
interface FastEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
AP
interface FastEthernet1/0/19
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
interface Vlan10 ( usersubnet)
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.1.254
!
interface Vlan100 ( managment Subnet )
ip address 142.100.64.253 255.255.255.0
ip helper-address 142.100.64.253
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
dns-server 192.168.1.10 8.8.8.8
option 150 ip 192.168.1.11
domain-name nsccme.online
default-router 192.168.1.254
!
ip dhcp pool wlc
network 142.100.64.0 255.255.255.0
default-router 142.100.64.253
dns-server 192.168.1.10 8.8.8.8
domain-name nsccme.online
option 43 ip 142.100.64.11
!
Please help to resolve the issue
Regards
raja
ā05-01-2020 01:54 AM
Can you also provide the output of your flexconnect group:
show flexconnect group detail <group name>
ā05-01-2020 08:48 AM
HI
Please find the below
(Cisco Controller) >show flexconnect group detail default-flex-group
Number of APs in Group: 1
AP Ethernet MAC Name Status Mode Type Conflict with PnP
-------------------- -------------------- --------------- ---------------- -------- -----------------
d4:2c:44:e0:0f:f8 AP-01 Joined Flexconnect Manual No
Efficient AP Image Upgrade ..... Disabled
Master-AP-Mac Master-AP-Name Model Manual
Group Radius Servers Settings:
Type Server Address Port
------------- ---------------- -------
Primary Unconfigured Unconfigured
Secondary Unconfigured Unconfigured
Group Radius/Local Auth Parameters :
Radius Retransmit Count......................... 3 (default)
Active Radius Timeout........................... 5 (default)
Group Radius AP Settings:
--More-- or (q)uit
AP RADIUS server............ Disabled
EAP-FAST Auth............... Disabled
LEAP Auth................... Disabled
EAP-TLS Auth................ Disabled
EAP-TLS CERT Download....... Disabled
PEAP Auth................... Disabled
Server Key Auto Generated... No
Server Key.................. <hidden>
Authority ID................ 436973636f0000000000000000000000
Authority Info.............. Cisco A_ID
PAC Timeout................. 0
HTTP-Proxy Ip Address....... 0.0.0.0
HTTP-Proxy Port............. 0
Multicast on Overridden interface config: Disabled
DHCP Broadcast Overridden interface config: Disabled
Number of User's in Group: 0
FlexConnect Vlan-name to Id Template name: none
Group-Specific Vlan Config:
Vlan Mode.................... Disabled
Override AP Config........... Disabled
Group-Specific FlexConnect Wlan-Vlan Mapping:
WLAN ID Vlan ID
--More-- or (q)uit
-------- --------------------
WLAN ID SSID Central-Dhcp Dns-Override Nat-Pat
ā05-01-2020 09:10 AM
On the Wlan i have removed FlexConnect Local Switching then it is getting the Correct DHCP is that correct Please advise
does this make any issue
ā05-01-2020 02:42 PM - edited ā05-01-2020 11:16 PM
You will need to setup a FlexConnect Group or modify the default flex group, under WLAN VLAN Mapping tab you need to:
- Enable VLAN Support and enter your native VLAN, VLAN 100
- Map your WLAN ID, (WLAN 1) to VLAN 10
- Map your AP to the Flex Connect Group by going under the General Tab depending your WLC version you should see "FlexConnect AP" where you can go and add the AP.
<<< Pls remember to rate all useful responses >>>
ā05-02-2020 05:43 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide